
Qualys WAS 4.3 API Release Notification

Blog Post created by fmc on Sep 14, 2015


A new release of Qualys WAS, Version 4.3, which includes API updates, is targeted for release in October. The specific day will differ depending on the platform. See platform release dates for more information. The updated APIs for WAS 4.3 enhance the ability to fully automate and integrate the Qualys WAS solution with other customer applications. WAS APIs enable customers to perform all the major functions within WAS, including creating web applications to scan, launching and scheduling scans, and running and retrieving reports. The APIs enable custom integrations with GRC tools, bug tracking systems and web application firewalls (WAFs), to name a few.

This API notification provides an early preview of the coming API changes in Qualys WAS 4.3, allowing you to proactively identify any changes that might be required for your automated scripts or programs that use the API methods.

API Enhancements

Scan Status Enhancements


We’ve improved the reporting of scan status to help users better understand the status of a scan. Enhancements include:

“Time Limit Exceeded” has been changed to “Time Limit Reached”

The status “Time Limit Exceeded” is no longer used.

Updated Status “No Web Service Detected”

We will now report this status when QID 150111 is reported in the scan results (element WEB_SITE/IGS/IG/QID).

New Status “Service Errors Detected”

This new status tells you the scan stopped before completion due to service errors related to timeouts during the scan, for example when the connection timeout or error threshold was exceeded.

New Status “Scan Internal Error”

This new status tells you the scan encountered an unexpected and unrecoverable error, which forced it to stop the assessment.

Scan API

Updated XSD: scan.xsd/wasscan.xsd

New filters for Scan COUNT, Scan SEARCH

Include scans with the new statuses by using the resultsStatus filter.

New values for resultsStatus:

TIME_LIMIT_REACHED: Include scans with scan status “Time Limit Reached”. The previous filter value TIME_LIMIT_EXCEEDED is no longer valid.
SERVICE_ERROR: Include scans with scan status “Service Errors Detected”.
SCAN_INTERNAL_ERROR: Include scans with scan status “Scan Internal Error”.

Sample for Scan COUNT

API request:

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data.

Request POST data:

<ServiceRequest>
  <filters>
    <Criteria field="resultsStatus" operator="IN">SERVICE_ERROR, SCAN_INTERNAL_ERROR</Criteria>
  </filters>
</ServiceRequest>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>38</count>
</ServiceResponse>

Updated response from Scan SEARCH, Scan GET

The resultsStatus element in the XML output now reports one of the new scan status values as appropriate: TIME_LIMIT_REACHED, SERVICE_ERROR, SCAN_INTERNAL_ERROR.

Sample for Scan SEARCH

Request POST data:

<ServiceRequest>
  <filters>
    <Criteria field="resultsStatus" operator="IN">SERVICE_ERROR, SCAN_INTERNAL_ERROR, TIME_LIMIT_REACHED</Criteria>
    <Criteria field="id" operator="IN">1352324,1327378,1353021</Criteria>
  </filters>
</ServiceRequest>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>3</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WasScan>
      <id>1327378</id>
      <name><![CDATA[TLE Test]]></name>
      <reference>was/1438303380031.1842885</reference>
      <type>VULNERABILITY</type>
      <mode>ONDEMAND</mode>
      <multi>false</multi>
      <target>
        <webApp>
          <id>1901948</id>
          <name><![CDATA[My Web App WAF]]></name>
          <url><![CDATA[http://10.10.26.238/waf]]></url>
        </webApp>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
        <cancelOption>SPECIFIC</cancelOption>
      </target>
      <profile>
        <id>69923</id>
        <name><![CDATA[My Profile 23]]></name>
      </profile>
      <launchedDate>2015-07-31T00:43:00Z</launchedDate>
      <launchedBy>
        <id>4354</id>
        <username>acme_ab1</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </launchedBy>
      <status>FINISHED</status>
      <summary>
        <crawlDuration>141</crawlDuration>
        <testDuration>47</testDuration>
        <linksCrawled>30</linksCrawled>
        <nbRequests>3466</nbRequests>
        <resultsStatus>TIME_LIMIT_REACHED</resultsStatus>
        <authStatus>NONE</authStatus>
        <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP</os>
      </summary>
    </WasScan>
    <WasScan>
      <id>1352324</id>
      <name><![CDATA[Schedule proxy Internal - Proxy out of scope to subuser]]></name>
      <reference>was/1441617604130.1847313</reference>
      <type>VULNERABILITY</type>
      <mode>SCHEDULED</mode>
      <multi>false</multi>
      <target>
        <webApp>
          <id>2309688</id>
          <name><![CDATA[My Web App BOQ]]></name>
          <url><![CDATA[http://10.10.26.238/boq/]]></url>
        </webApp>
        <scannerAppliance>
          <type>INTERNAL</type>
          <friendlyName><![CDATA[acme_sa1]]></friendlyName>
        </scannerAppliance>
        <proxy>
          <id>1425</id>
          <name><![CDATA[My Proxy]]></name>
          <url><![CDATA[http://10.10.10.11]]></url>
        </proxy>
      </target>
      <profile>
        <id>270541</id>
        <name><![CDATA[My Profile 41]]></name>
      </profile>
      <launchedDate>2015-09-07T09:20:04Z</launchedDate>
      <launchedBy>
        <id>4355</id>
        <username>qualys_ag2</username>
        <firstName><![CDATA[Alan]]></firstName>
        <lastName><![CDATA[Green]]></lastName>
      </launchedBy>
      <status>FINISHED</status>
      <summary>
        <crawlDuration>774</crawlDuration>
        <testDuration>4</testDuration>
        <linksCrawled>300</linksCrawled>
        <nbRequests>2785</nbRequests>
        <resultsStatus>SERVICE_ERROR</resultsStatus>
        <authStatus>NONE</authStatus>
        <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP</os>
      </summary>
    </WasScan>
    <WasScan>
      <id>1353021</id>
      <name><![CDATA[Sched Vulnerability Scan - 2.7.0.10 WA - 2015-Mar-09]]></name>
      <reference>was/1441488303443.1847104</reference>
      <type>VULNERABILITY</type>
      <mode>SCHEDULED</mode>
      <multi>false</multi>
      <target>
        <webApp>
          <id>2284474</id>
          <name><![CDATA[My Web App 238]]></name>
          <url><![CDATA[http://10.10.26.238]]></url>
        </webApp>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
      </target>
      <profile>
        <id>139359</id>
        <name><![CDATA[My Profile 59]]></name>
      </profile>
      <launchedDate>2015-09-05T21:25:03Z</launchedDate>
      <launchedBy>
        <id>4354</id>
        <username>acme_ag2</username>
        <firstName><![CDATA[Alan]]></firstName>
        <lastName><![CDATA[Green]]></lastName>
      </launchedBy>
      <status>FINISHED</status>
      <summary>
        <resultsStatus>SCAN_INTERNAL_ERROR</resultsStatus>
        <authStatus>NONE</authStatus>
      </summary>
    </WasScan>
  </data>
</ServiceResponse>
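As an added example (not part of the original notification), a small Python helper that builds the resultsStatus filter with the 4.3 values, rejects the retired TIME_LIMIT_EXCEEDED value so un-migrated automation fails loudly, and pulls the scans that stopped early out of a SEARCH response; note that every such scan still reports status FINISHED, so only summary/resultsStatus tells you the assessment is incomplete. The function names and the trimmed sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# resultsStatus values introduced in WAS 4.3, mapped to the pre-4.3 value
# each one replaces (None means the value is new, nothing to migrate).
STATUS_MIGRATION = {
    "TIME_LIMIT_REACHED": "TIME_LIMIT_EXCEEDED",
    "SERVICE_ERROR": None,
    "SCAN_INTERNAL_ERROR": None,
}
RETIRED = {old for old in STATUS_MIGRATION.values() if old}

def build_search_request(statuses, scan_ids=()):
    """Return the Scan SEARCH/COUNT POST body for a resultsStatus filter.
    Retired values (TIME_LIMIT_EXCEEDED) are rejected so an un-migrated
    script fails loudly instead of silently matching no scans."""
    bad = sorted(set(statuses) & RETIRED)
    if bad:
        raise ValueError(f"resultsStatus values removed in WAS 4.3: {bad}")
    root = ET.Element("ServiceRequest")
    filters = ET.SubElement(root, "filters")
    crit = ET.SubElement(filters, "Criteria", field="resultsStatus", operator="IN")
    crit.text = ",".join(statuses)
    if scan_ids:  # optional id filter, as in the SEARCH sample above
        ids = ET.SubElement(filters, "Criteria", field="id", operator="IN")
        ids.text = ",".join(str(i) for i in scan_ids)
    return ET.tostring(root, encoding="unicode")

def incomplete_scans(response_xml):
    """Map scan id -> resultsStatus for scans that stopped early. Note that
    <status> is FINISHED for every one of them; only summary/resultsStatus
    shows the assessment is not complete, so pipelines must check it."""
    root = ET.fromstring(response_xml)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"WAS API returned {code}")
    return {
        scan.findtext("id"): scan.findtext("summary/resultsStatus")
        for scan in root.iter("WasScan")
        if scan.findtext("summary/resultsStatus") in STATUS_MIGRATION
    }

# Constructed sample, trimmed from the Scan SEARCH response above.
SAMPLE_RESPONSE = """<ServiceResponse><responseCode>SUCCESS</responseCode><count>3</count><data>
<WasScan><id>1327378</id><status>FINISHED</status>
<summary><resultsStatus>TIME_LIMIT_REACHED</resultsStatus></summary></WasScan>
<WasScan><id>1352324</id><status>FINISHED</status>
<summary><resultsStatus>SERVICE_ERROR</resultsStatus></summary></WasScan>
<WasScan><id>1353021</id><status>FINISHED</status>
<summary><resultsStatus>SCAN_INTERNAL_ERROR</resultsStatus></summary></WasScan>
</data></ServiceResponse>"""
```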

Sample for Scan GET Output (for SCAN_INTERNAL_ERROR)

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/scan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>1353021</id>
      <name><![CDATA[Sched Vulnerability Scan - 2.7.0.10 WA - 2015-Mar-09]]></name>
      <reference>was/1441488303443.1847104</reference>
      <type>VULNERABILITY</type>
      <mode>SCHEDULED</mode>
      <progressiveScanning>true</progressiveScanning>
      <multi>false</multi>
      <target>
        <webApp>
          <id>2284474</id>
          <name><![CDATA[My Web App 238]]></name>
          <url><![CDATA[http://10.10.26.238]]></url>
        </webApp>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
      </target>
      <profile>
        <id>139359</id>
        <name><![CDATA[My Profile 59]]></name>
      </profile>
      <options>
        <count>14</count>
        <list>
          <WasScanOption>
            <name>Web Application Authentication Record Name</name>
            <value><![CDATA[None]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Sensitive Content: Credit Card Numbers</name>
            <value><![CDATA[false]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Performance Settings</name>
            <value><![CDATA[LOW]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Scanner Appliance</name>
            <value><![CDATA[External (IP: 10.10.21.160, Scanner: 7.14.37-1, WAS: 3.9.50-1, Signatures: 2.3.30-1)]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Detection Scope</name>
            <value><![CDATA[COMPLETE]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Crawling Form Submissions</name>
            <value><![CDATA[BOTH]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Bruteforce Settings</name>
            <value><![CDATA[EXHAUSTIVE]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Option Profile Name</name>
            <value><![CDATA[10 Links edit]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Maximum Crawling Links</name>
            <value><![CDATA[10]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Web Application Name</name>
            <value><![CDATA[My Web App]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Request Parameter Set</name>
            <value><![CDATA[My Parameter Set]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Sensitive Content: Social Security Numbers (US)</name>
            <value><![CDATA[false]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Cancel At</name>
            <value><![CDATA[1441557900000]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Target URL</name>
            <value><![CDATA[http://10.10.26.238]]></value>
          </WasScanOption>
        </list>
      </options>
      <launchedDate>2015-09-05T21:25:03Z</launchedDate>
      <launchedBy>
        <id>4354</id>
        <username>acme_ag2</username>
        <firstName><![CDATA[Alan]]></firstName>
        <lastName><![CDATA[Green]]></lastName>
      </launchedBy>
      <status>FINISHED</status>
      <scanDuration>171606</scanDuration>
      <summary>
        <resultsStatus>SCAN_INTERNAL_ERROR</resultsStatus>
        <authStatus>NONE</authStatus>
      </summary>
      <sendMail>true</sendMail>
    </WasScan>
  </data>
</ServiceResponse>

Report API

Updated XSD: report.xsd

For a Scorecard Report creation request, you can include scans with the status “Service Errors Detected” by specifying the filters/scanStatus element with the value SERVICE_ERROR.

API request:

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml

Note: “file.xml” contains the request POST data.

Request POST data:

<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[My Scorecard Report]]></name>
      <description><![CDATA[A simple scorecard report]]></description>
      <format>PDF</format>
      <type>WAS_SCORECARD_REPORT</type>
      <config>
        <scorecardReport>
          <target>
            <tags>
              <Tag>
                <id>243130</id>
              </Tag>
            </tags>
          </target>
          <display>
            <contents>
              <ScorecardReportContent>DESCRIPTION</ScorecardReportContent>
              <ScorecardReportContent>SUMMARY</ScorecardReportContent>
              <ScorecardReportContent>GRAPHS</ScorecardReportContent>
              <ScorecardReportContent>RESULTS</ScorecardReportContent>
            </contents>
            <graphs>
              <ScorecardReportGraph>VULNERABILITIES_BY_GROUP</ScorecardReportGraph>
              <ScorecardReportGraph>VULNERABILITIES_BY_OWASP</ScorecardReportGraph>
              <ScorecardReportGraph>VULNERABILITIES_BY_WASC</ScorecardReportGraph>
            </graphs>
            <groups>
              <ScorecardReportGroup>GROUP</ScorecardReportGroup>
              <ScorecardReportGroup>OWASP</ScorecardReportGroup>
              <ScorecardReportGroup>WASC</ScorecardReportGroup>
            </groups>
            <options>
              <rawLevels>false</rawLevels>
            </options>
          </display>
          <filters>
            <scanDate>
              <startDate>2014-06-28</startDate>
              <endDate>2014-07-28</endDate>
            </scanDate>
            <scanStatus>SERVICE_ERROR</scanStatus>
            <scanAuthStatus>NONE</scanAuthStatus>
          </filters>
        </scorecardReport>
      </config>
    </Report>
  </data>
</ServiceRequest>
